Incident Reporting

Reporting an Information System Security or Cyber Incident

The OIT Information Security Operations Center (ISOC) is staffed to receive and disseminate timely information regarding network security vulnerabilities and threats in the State of Colorado. The ISOC will receive, analyze, and escalate reports to state agencies that their systems are being used to source or are being victimized by a threat vector.

The ISOC can be contacted at:

We encourage you to report any activities that you feel meet the criteria for an incident. Note that our policy is to keep any information specific to your site confidential unless we receive your permission to release that information.

Definition of an Information System Security or Cyber Incident

State of Colorado characterizes information system security or cyber incidents as any event violating State of Colorado security policy, standards, procedures, guidelines, processes or security best practice that may be detected as unexplained network or system behavior resulting in the loss of sensitive data or any instance where State of Colorado’s reputation might suffer. State of Colorado segments these incidents into the following categories consistent with definitions published by the National Infrastructure Protection Center:

  • Increased access to informational assets
  • Unauthorized disclosure of information
  • Corruption of information
  • Denial of Service
  • Theft of State of Colorado Information Technology (IT) and Telecommunications assets, services, or resources